Rootkit backdoor targets poker gamers

By | May 16, 2006

An online poker backdoor, covertly storing gamblers´ information for potential theft has been uncovered by F-Secure rootkit detection technology, Blacklight. Rootkits are used by malware authors to hide malicious software.The online tool RBCalc.exe, also known as a Rakeback calculator, has been distributed from a gaming site Checkraised.com.

The backdoor, a method for securing illegal remote access to a computer was created by silently dropping four executable files into the user´s computer and using a rootkit driver to conceal the operation. With this in place, the tool´s author could access login information from the user´s computer for various online poker websites including Partypoker, Empirepoker, Eurobetpoker and Pokernow. Having gained access, the hacker could then play poker against himself, losing on purpose and reaping the rewards.

Shortly after the discovery, Checkraised.com removed the offending exe file from its website and issued an official statement on its website advising users to change their poker site passwords as well as offering instructions for manually removing the malware.

Speaking about the case, Kimmo Kasslin, a researcher at F-Secure´s Data Security Laboratory said: “Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.”

Leave a Reply